Satellite Hacking Is a Real Thing and It Presents a Real Threat to Our Security
Have you ever wondered what would happen if all satellites suddenly just stopped working? While we do not see them floating above our heads, and some people still don't believe they exist at all (calling out all flat-earthers here), our dependency on them is striking. If satellites abruptly stopped working, making phone calls internationally could become impossible, we would not be able to watch TV, our GPS systems would crash, and governments would lose some control of their communications systems too. No, life on Earth would not stop, but it would become very different from what we are used to now. While it is highly unlikely that we will experience a scenario like that in our lifetime, we have a different issue we need to focus on, and that is satellite hacking. As it turns out, hackers can hack satellites, and if you can put two and two together, you must understand that this could greatly threaten our overall security.
How can hackers hack satellites?
Just like with any system or network, hackers depend on vulnerabilities and security backdoors that can be used to exploit them. Here's a shocker: Some satellite systems still run on Windows XP or even Windows 95. Now, we cannot really know if that is a vulnerability or not, but our guess is that systems running the latest versions of operating systems with the best support are bound to be safer. While this might be shocking to hear if you already forgot how Windows XP looks, using unsupported, old versions of operating systems isn't anything new. In fact, it was recently reported that the UK's Royal Navy uses Windows ME, which, if you did not know, is a predecessor to Windows XP. Clearly, there is a technological gap, and it could be used by attackers interested in satellite hacking. Of course, information regarding the methods of satellite hacking is kept under wraps because if malicious parties learn about these methods, they could apply them for their own hacking attacks.
For example, at the beginning of this summer, Reuters reported about Symantec's discovery of a campaign targeted at satellite operators. The attack was believed to come from three computers in China, but no information about the offenders was revealed. During the attack, hackers were able to disrupt satellite operators, defense contractors, as well as the US and Asian telecommunications companies. According to Symantec, this satellite hack attack could have posed a serious threat to civilian and military security, and data regarding it was immediately shared with the U.S. Federal Bureau of Investigation and Department of Homeland Security and other involved parties.
Aviation, maritime, and military satellite communication (SATCOM) systems are at risk
Would a hacker focus all of their attention and resources to attack you or me? That is highly unlikely. Anyone brave enough to mess with satellites is likely to be interested in the bigger fish, which might include aviation, maritime systems, and military. Ruben Santamarta, a cybersecurity researcher at IOActive, has revealed during the 2018 Black Hat conference in Las Vegas that he was able to find a way to hack satellites remotely. Of course, Santamarta did not perform the attack because his incentive is to discover security vulnerabilities and inform authorities about them before they are exploited. All research was immediately shared with relevant security agencies. According to the researcher, aviation, maritime, and military satellite communication (SATCOM) systems were found to be at risk. It was discovered that if attackers hacked satellites used for controlling planes, security systems could be affected by intercepting non-safety communications, such as onboard Wi-Fi. Maritime and military satellite systems could be affected by compromising navigation systems and recording GPS coordinates, which, of course, could physically endanger anyone depending on these systems.
Last week, it was reported that Gendarmerie Air Transport (GTA) – which is a division of the National Police in France – was investigating the possibility of someone tampering with the satellite communications systems of the widely-reported Malaysia Airlines aircraft (flight MH370) that disappeared in 2014. We will have to see how this story develops, but if it is found that a satellite hack has been involved, this could change the history of cybersecurity as we know it.
Efforts to ensure SATCOM cybersecurity
Now that it is known that hackers can hack satellites, it is no wonder that satellite operators, governments, and cybersecurity agencies are working hard to ensure that satellite hacks do not occur or, at least, are contained before any damage is done. NASA, for one, has introduced the Vulnerability Assessment Program that is meant to ensure operational security posture of a system's critical network and infrastructure components. In the United States, the Air Force is determined to add encryption devices to satellites to prevent hacks. While it is easy for the government to control its own systems, controlling commercial satellites and communications systems can be a different challenge. Of course, everyone is concerned about security, and this is the perfect time to start working hand in hand.
Is there anything you can do to fight cybercrime and satellite hacking? Unfortunately, it isn't up to you or me to control governments and ensure the security of satellite communications systems, even if we depend on them too. That being said, there's always something you can do, and even if that is just keeping your own systems and networks safe, you are on the right track. Hackers are able to fund major attacks because they are able to exploit regular users by scamming them, infecting their operating systems and using resources to mine cryptocurrency, and selling stolen personal data. If you want to do your part, make sure that cyber attackers cannot line their pockets by exploiting you.